Episodes

  • Don't Bury the Model T: Why STRIDE Still Drives in an AI World
    Jul 1 2026

    In this episode, we dig into two things the security community loves to argue about: npm finally doing the right thing and whether STRIDE has any business being called dead. The npm v12 changes gate dangerous install script behavior by default, which is a good step forward and also about a decade overdue. Then we wade into a hot take claiming that STRIDE was built for a world that no longer exists, and we push back hard on the idea that non-deterministic AI systems need an entirely new threat-modeling religion rather than a better understanding of the one we already have. Also: wheat, Oregon Trail, and Emacs.

    🚀 Join the Conversation
    If your threat model failed because of an AI hallucination, was that STRIDE's fault or yours?

    FOLLOW OUR SOCIAL MEDIA:

    ➜Twitter: @SecTablePodcast
    ➜LinkedIn: The Security Table Podcast
    ➜YouTube: The Security Table YouTube Channel

    Thanks for Listening!

    Show More Show Less
    59 mins
  • Mostly Dead or Mostly Back: The Zombie Resurrection of DAST in an AI World
    Jun 24 2026

    In this episode, we dig into whether DAST is dead, mostly dead, or quietly making a comeback dressed in an AI trench coat. The conversation traces the origins of dynamic application security testing from nmap scans and open source hacker tools to a market now valued at nearly four billion dollars and growing. We debate where DAST ends, and AI pen testing begins, whether AI can find a vulnerability nobody has ever seen before, and what happens when you compound the false positives of rigid rule-based scanning with the hallucinations of a large language model. Also: cats meowing the Final Countdown.

    🚀 Join the Conversation
    If AI pen testing can already find zero days in open source software, does human pen testing still have a defensible edge — or are we just not ready to admit it doesn't?


    FOLLOW OUR SOCIAL MEDIA:

    ➜Twitter: @SecTablePodcast
    ➜LinkedIn: The Security Table Podcast
    ➜YouTube: The Security Table YouTube Channel

    Thanks for Listening!

    Show More Show Less
    42 mins
  • Realists At The Table: How To See Through The Hype
    Jun 17 2026

    In this episode, we dig into how the cybersecurity personality has shifted from the ego-driven, hoodie-up archetype to the paycheck-chasing newcomer. The conversation covers hype cycles from mainframes to AI to quantum, whether passion or profit is driving the next generation into the field, and why we think the threat modeling problem is already solved. At the same time, everyone else keeps getting in the way. The discussion takes detours through The Cuckoo's Egg, Sneakers, War Games, and NFT apes before landing on a question we couldn't quite agree on: Does AI actually have a personality, and does it belong in the security community?

    🚀 Join the Conversation
    If you got into cybersecurity for the love of the problem or the paycheck, would you even know the difference anymore?


    FOLLOW OUR SOCIAL MEDIA:

    ➜Twitter: @SecTablePodcast
    ➜LinkedIn: The Security Table Podcast
    ➜YouTube: The Security Table YouTube Channel

    Thanks for Listening!

    Show More Show Less
    38 mins
  • The Agentic Access Problem: When AI Becomes Its Own Administrator
    Jun 3 2026

    In this episode, we explore what happens when AI agents meet the security principle of least privilege. As agents gain the ability to request permissions, make decisions, and interact with systems on our behalf, the line between human and machine responsibility starts to blur. The discussion covers prompt fatigue, over-permissioned agents, and why "because the agent told me to" may become the next security anti-pattern—before taking a hilarious detour into EULAs, cookie notices, and Matt's unexpected habit of reading both.

    🚀 Join the Conversation

    If your AI agent requested administrator access right now, would you know whether it actually needed it?


    FOLLOW OUR SOCIAL MEDIA:

    ➜Twitter: @SecTablePodcast
    ➜LinkedIn: The Security Table Podcast
    ➜YouTube: The Security Table YouTube Channel

    Thanks for Listening!

    Show More Show Less
    40 mins
  • The Tool Creep Problem: When More Security Means Less Security
    May 8 2026

    In this episode, we break down why security budgets keep growing while organizations keep falling further behind. We explore how tool creep has quietly shifted from a nuisance into an active attack surface, and why agentic AI is becoming the insider threat no one planned for. Izar shares a firsthand account of watching an AI agent attempt increasingly creative workarounds to escape a sandbox, revealing just how much risk lives in the gap between what agents are told to do and what they are actually capable of. At the end of the day, it comes back to fundamentals: define your agents' boundaries, limit their capabilities to only what they need, and stop confusing tool accumulation with security maturity.

    🚀 Join the Conversation

    If your AI agent were compromised today, would you even know it was the agent and not you?


    FOLLOW OUR SOCIAL MEDIA:

    ➜Twitter: @SecTablePodcast
    ➜LinkedIn: The Security Table Podcast
    ➜YouTube: The Security Table YouTube Channel

    Thanks for Listening!

    Show More Show Less
    42 mins
  • The Human In The Loop Illusion: Why AI Approvals Are Failing Security
    Apr 30 2026

    In this episode, a debate about hacker movies turns into a deeper conversation about AI, security, and the human-in-the-loop illusion. We explore how approval fatigue and AI-generated code can create a false sense of security and why fundamentals still matter.

    🚀 Join the Conversation
    Are we improving security, or just automating bad decisions faster?


    FOLLOW OUR SOCIAL MEDIA:

    ➜Twitter: @SecTablePodcast
    ➜LinkedIn: The Security Table Podcast
    ➜YouTube: The Security Table YouTube Channel

    Thanks for Listening!

    Show More Show Less
    48 mins
  • The Mythos Problem: When AI Finds Every Vulnerability
    Apr 15 2026

    In this episode, we break down the “AI Vulnerability Storm” and what happens when AI can find—and exploit—vulnerabilities faster than humans can fix them.

    We explore how compressed OODA loops are shifting the balance toward attackers, why traditional scoring like CVSS may start to break down, and whether “just patch faster” is even realistic anymore. The team also questions the push toward AI agents everywhere—and whether fighting AI with more AI actually solves the problem.

    At the end of the day, it comes back to fundamentals: reduce your attack surface, simplify your systems, and focus on what actually matters.


    🚀 Join the Conversation
    Is this a real shift in security—or just faster chaos?


    FOLLOW OUR SOCIAL MEDIA:

    ➜Twitter: @SecTablePodcast
    ➜LinkedIn: The Security Table Podcast
    ➜YouTube: The Security Table YouTube Channel

    Thanks for Listening!

    Show More Show Less
    47 mins
  • What If AI Never Happened? The AppSec Reality Check
    Apr 8 2026

    In this episode, we explore a simple but surprisingly deep question: what would application security look like if generative AI never existed? We break down how AppSec might still rely on deterministic, rule-based approaches, what we might gain in structure and rigor, and what we’d lose in speed, scale, and accessibility. Along the way, we debate whether AI is truly improving security or just accelerating existing problems, from “vibe coding” and false confidence in results to the growing gap between finding and fixing vulnerabilities.

    We also get into the tension between human-driven security practices and AI-assisted workflows, and whether the biggest challenges in AppSec are actually technical at all or still rooted in people and process. Plus, things take a turn as we let AI weigh in…and roast us a bit in the process.

    Per usual, it’s a mix of thoughtful discussion, strong opinions, and a little chaos.

    FOLLOW OUR SOCIAL MEDIA:

    ➜Twitter: @SecTablePodcast
    ➜LinkedIn: The Security Table Podcast
    ➜YouTube: The Security Table YouTube Channel

    Thanks for Listening!

    Show More Show Less
    47 mins